Cyber-attack documentary more than a cool spy story

Interviewees featured in Zero Days include former Central Intelligence Agency director Michael Hayden.
Interviewees featured in Zero Days include former Central Intelligence Agency director Michael Hayden.PHOTO: MAGNOLIA PICTURES

REVIEW / DOCUMENTARY

ZERO DAYS (PG13)

116 minutes/Opens tomorrow/4/5 stars

The story: Imagine a computer virus that has the power to take control of machines and order them to destroy themselves.

This is no Hollywood plot device, but a real-life malware called Stuxnet that was discovered in Belarus in 2010. Allegedly developed by the United States and Israel, this independent, self-replicating worm sabotaged centrifuges inside Iran's Natanz uranium enrichment plant. Through interviews with officials, secret agents, security experts and journalists - both current and former - director Alex Gibney paints a doomsday scenario of how strings of 0s and 1s can wreak havoc on critical infrastructure and put lives at risk.

As any netizen can attest, the World Wide Web is a world without rules. Gibney - who helmed the Oscarwinning Taxi To The Dark Side (2007), a look at the United States' policy on torture - suggests that this lawlessness has allowed the birth of Stuxnet, reportedly part of a covert Central Intelligence Agency and Mossad operation called Olympic Games.

As one of his interviewees pithily said, the norm in cyberspace is "do whatever you can get away with".

Unlike conventional warfare, attacks in the digital realm are difficult to attribute and are almost invisible until it is too late.

Also, there are no widely accepted rules of engagement or cyberarms control, likely because the US does not want to acknowledge whether it has offensive cyber capabilities.

This code of silence could not be more evident in Gibney's frustrating encounters with government bigwigs and former spies, whose stonewalling becomes a sort of running joke.

Still, he manages to get some admissions from unnamed intelligence sources, including an apparent one who, despite her face being digitally masked for almost the entire movie, does not hide her anger at Washington's version of omerta, or code of silence.

Other interesting talking heads include Symantec "woodpeckers" (the industry's term for virus hunters) Eric Chien and Liam O'Murchu, who demystify a lot of the tech jargon for non-digital natives .

One memorable scene involves the boffins programming a code to inflate a balloon and stop before it explodes, then infecting the code with Stuxnet. The result is a chilling metaphor for the devastating impact the virus holds.

Gibney believes the irony is that the Internet-connected US may be the most vulnerable country to a cyberwar, and its government's supposed attempts to sabotage Iran's nuclear programme were futile and led to retaliatory cyber attacks on oil firm Saudi Aramco and US banks.

For those who are familiar with the story, there is nothing revelatory here, save for the documentary's uncovering of Nitro Zeus, a reportedly larger cyberattack plan by the US against Iran, before the film's premiere at the Berlin Film Festival in February.

But Zero Days - its title a reference to the software vulnerabilities that made Stuxnet possible - is more than just, as a source puts it, "a cool spy story".

It is also a cautionary tale of the dangers of secrecy and a clarion call for an honest discussion on cyber weapons and their lethal potential.

A version of this article appeared in the print edition of The Straits Times on December 14, 2016, with the headline 'Cyber-attack documentary more than a cool spy story'. Print Edition | Subscribe